Safe Division with Contracts - Ada-spark Typing CST Test
Safe Division with Contracts — Ada-spark Code
A SPARK function that divides two integers safely: a precondition excludes the inputs for which the division would raise a run-time error, and a postcondition states what the result must satisfy. GNATprove checks both statically, so no defensive check is needed at run time.
```ada
function Safe_Divide (X, Y : Integer) return Integer
  with Pre  => Y /= 0 and then not (X = Integer'First and Y = -1),
       --  Y = 0 has no result, and Integer'First / (-1) overflows Integer
       Post => X = Safe_Divide'Result * Y + X rem Y
       --  Integer division truncates, so Result * Y = X holds only for
       --  exact divisions; the remainder completes the relation
is
begin
   return X / Y;
end Safe_Divide;
```

Ada-spark Language Guide
SPARK is a formally verifiable subset of the Ada programming language designed for high-integrity and safety-critical systems. It enforces strong typing, design-by-contract, and static analysis to mathematically prove program correctness and eliminate entire classes of bugs.
Primary Use Cases
- Avionics flight control software
- Railway signaling and interlocking
- Medical device firmware
- Cybersecure embedded systems
- Automotive safety ECUs
Notable Features
- Design-by-contract with pre/postconditions
- Strong static typing and modularization
- GNATprove formal verification
- Guaranteed absence of runtime errors (AoRTE)
- High-integrity code generation support
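How the contract above is discharged at a call site, as an added example that is not part of the original page: a caller whose own precondition establishes Safe_Divide's Pre, contrasted with an unguarded caller that GNATprove flags. The package and function names Ratios, Percent and Unguarded_Percent are assumed for illustration.

```ada
--  Added example (not from the original page): Ratios, Percent and
--  Unguarded_Percent are assumed names used only for illustration.
package Ratios with SPARK_Mode is

   --  The page's Safe_Divide, written as an expression function so that
   --  body and contract fit in one declaration.
   function Safe_Divide (X, Y : Integer) return Integer is (X / Y)
     with Pre  => Y /= 0 and then not (X = Integer'First and Y = -1),
          Post => X = Safe_Divide'Result * Y + X rem Y;

   --  Whole > 0 gives GNATprove the Y /= 0 it needs for the call, and
   --  the bound on Whole keeps Part * 100 within Integer. Both checks
   --  are discharged from the caller's contract; nothing is tested at
   --  run time.
   function Percent (Part, Whole : Natural) return Integer is
     (Safe_Divide (Part * 100, Whole))
     with Pre => Whole > 0 and then Part <= Whole
                 and then Whole <= Integer'Last / 100;

   --  Same body without a precondition: GNATprove cannot establish
   --  Whole /= 0 or that Part * 100 fits, so it reports the callee's
   --  precondition and the overflow check as unproved. This is how a
   --  division-by-zero bug surfaces at analysis time instead of in
   --  the field.
   function Unguarded_Percent (Part, Whole : Natural) return Integer is
     (Safe_Divide (Part * 100, Whole));

end Ratios;
```

Running `gnatprove` on this unit proves every check in Percent and leaves the two in Unguarded_Percent unproved; adding the same precondition to Unguarded_Percent clears them.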
Origin & Creator
Developed by Praxis (now Altran UK) and later extended by AdaCore, leading vendors of Ada technology for mission- and safety-critical software.
Industrial Note
SPARK is used where DO-178C Level A or IEC 61508 SIL-4 compliance is required, enabling mathematical proof of correctness for safety-critical and security-critical applications.